Security
Prospects
What are some of the trends to spot in this sector?
By Edward B. Driscoll, Jr., a tech writer living
in San Jose, Calif.
November 1, 2001, 8:30 a.m.
he
cliché is that everything’s changed as a result of September 11th. But
like most cliches, it holds more than a grain of truth. On the Internet,
businesses are placing greater emphasis on protecting their sites and
the servers they reside on. Conversely, the U.S. government and its agencies
want to find easier access to the information on these sites in order
to thwart future acts of terrorism. What are some of the trends to spot
in this sector? NRO Financial asked several technology experts for their
prognoses.
Glenn
Reynolds, instapundit.com
You’re going to see a certain amount of bureaucratic opportunism from
Washington as a result of September 11th, but if people think seriously
about terrorism and the threats to infrastructure and to e-commerce, they’re
going to come to the conclusion that what we probably need is a lot more
encryption, rather than less.
We’re going to come to realize in the next few weeks and months the extent to which the cyber-infrastructure is vulnerable to attack, and encryption turns out to be pretty important to protecting against that sort of thing. The government has been hostile to the idea of encryption, because they think of it as a lock that lets terrorists lock them out. But I think we’re going to realize that it’s also like a lock that can keep terrorists out, and there are a lot more things that need to be locked up against terrorists than there is information that terrorists might lock us out of.
I’m doubtful that
Carnivore [the FBI's e-mail surveillance tool] is going to work, going
forward. The real problem with e-mail and terrorists, so far, was not
that messeges were encrypted, and that authorities couldn’t break it,
it was that nobody was looking. Most of this communication occurred in
the clear, and if anybody had bothered to look at these accounts, encryption
wouldn’t have mattered. But if anybody had known enough about these guys
to be bothering to look at their e-mail, we probably would have been arresting
them anyway.
— Reynolds is a law professor at the University of Tennessee and
host of instapundit.com.
Mark
Fernandes, Merrill Lynch
What’s really changed is that a company now has to go from being defensive
minded, to actually taking a more proactive role in security. There are
four or five main “buckets” of security where you’ll see this trend developing.
Firewalls, the biggest security category, used to be just gateways, and often still are. Nowadays, the firewall can have an application that sits on top of it, called a virtual private network, or VPN. A VPN is basically an encrypted tunnel through a public network, and it requires lots of encryption and authentication, just to give some idea of how we’ve evolved from purely defensive measures, to enabling things like two people being able to talk over a public network. This field is pretty much dominated by Check Point Software Technologies, Inc. (CHKP) and Cisco Systems (CSCO).
A second bucket is intrusion detection service, or IDS, which basically means detecting someone trying to hack into a network or server. This field is dominated by Cisco and by a company called Internet Security Systems, Inc. (ISSX). The third bucket is authentication, or simply identifying yourself. Currently, 95% of authentication is done with passwords. The 5% who want stronger technology use multiple methods, such as secure ID, which is a token provided by RSA Security Inc. (NASDAQ: RSAS).
The fourth bucket is anti-virus. The main providers here include Network Associates, Inc., Symantec Corporation, McAfee.com, Trend Micro, Inc., and some smaller companies. Anti-virus has evolved from simply being a floppy loaded into a PC to more proactive and different types of technologies.
We’re in very strange times — we don’t know what the next three to six months are going to hold. But if you’ve got a 12-to-24 month horizon, it’s very clear that there are a few companies that are very well positioned in this space. Check Point, for instance, is absolutely a dominant player in the firewall and VPN space. ISS is a very good company, but it had some trouble a quarter ago, struggled for a while, but it’s gotten its act together. It’s done very well in the past couple of weeks; they’ve almost returned to normal levels. Then there are a whole bunch of players below them, in terms of size and critical mass. Netegirity, Inc., RSA Security, and VeriSign, Inc., which is a good company, but only a quarter of their business is security.
Investors need to
look for the right spots to buy these companies over the next few years.
There already is a lot more emphasis and awareness on security, but I
don’t think we’ve done much about it yet, and I think that time will come.
— Fernandes is a software analyst for Merrill Lynch.
Wayne
Crews, CATO Institute
Companies have to secure their networks, and they’re getting better and
better at that. Over the decades ahead, I think you’ll even see some companies
setting up what amount to private internets. For example, eKids Internet
is a private internet that you surf, but you can’t get there from here.
You can’t go onto the Internet and get on the eKids Internet, because
it’s a separate internet with its own servers and routers — you have
to be a member to use it. And of course, in a private, insulated network,
there’s a whole lot less risk of someone getting in there and damaging
it.
Of course, it helps
that the Internet as a whole was originally designed to withstand a nuclear
attack. If you knock out a whole piece of it, the traffic gets routed
elsewhere.
— Crews is director of technology policy for the CATO Institute